How severe is CVE-2024-11193?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-11193?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2024-11193 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access to these logs to view the LDAP bind password. An attacker with log access could exploit this vulnerability to gain unauthorized access to the LDAP server, leading to potential exposure or compromise of LDAP-managed resources This issue affects YugabyteDB Anywhere: from 2.20.0.0 before 2.20.7.0, from 2.23.0.0 before 2.23.1.0, from 2024.1.0.0 before 2024.1.3.0.

Related Vulnerabilities

CVE-2016-10362

MEDIUM

CVSS:6.5(Medium)

Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.

CWE-5322016

CVE-2016-10819

MEDIUM

CVSS:6.5(Medium)

In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125).

CWE-5322016

CVE-2017-11134

MEDIUM

CVSS:6.5(Medium)

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them.

CWE-5322017

CVE-2017-3744

MEDIUM

CVSS:6.5(Medium)

In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated ...

CWE-5322017

CVE-2018-0504

MEDIUM

CVSS:6.5(Medium)

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid

CWE-5322018

CVE-2018-19014

MEDIUM

CVSS:6.5(Medium)

Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network conn...

CWE-5322018